В сообщении от 29 июля 2010 17:05:53 автор k.maksimov написал: > Alexander R. Fahrutdinov wrote: > > В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov написал: > >> В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал: > >>> Alexander R. Fahrutdinov wrote: > >>>> В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал: > >>>>> Anton wrote: > >>>>>> On 28 July 2010 01:45, k.maksimov <k.maksi...@butb.by> wrote: > >>>>>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and > >>>>>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in > >>>>>>> first network hostname registered successfully, but in second > >>>>>>> network: > >>>>>>> > >>>>>>> sudo net ads join -U admin > >>>>>>> Enter admin's password: > >>>>>>> Using short domain name -- BUTB > >>>>>>> Joined 'TH-2-011' to realm 'butb.by' > >>>>>>> DNS update failed! > >>>>>> > >>>>>> As far as I can tell (I'm not entirely certain though) this is an > >>>>>> Active Directory / Windows Server configuration issue around > >>>>>> loosening permissions enough for the DHCP service to update the DNS > >>>>>> records. > >>>>>> > >>>>>> I don't know exactly what settings need to be configured though, as > >>>>>> I didn't manage to get it working either. In the end I decided to > >>>>>> keep the standard security and just use static IPs and DNS records > >>>>>> for winbind machines. > >>>>> > >>>>> I'm use static IP and I haven't DHCP. and this problem not an AD: > >>>>> Windows machines successfully update DNS. > >>>>> > >>>>> also I have ~200 machines and I can't add every DNS record manually. > >> > >> It seems, secure DNS update has broken in samba. I tried to use > >> different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got > >> an error during DNS update, in spite of "wbinfo -t" and "net ads info" > >> commands output was OK. > >> > >> Secure DNS update via nss-update script has sucssefully completed, but > >> it requires a domain admin creditionals. > >> Guys from http://rc.quest.com/topics/ddns/old.php create a patch for > >> nss- update and GSSAPI library to use machine account instead admin > >> one, but I don't try this. > >> > >> So, I don't promise to disable the secure DNS update, because it > >> decrease AD security. > >> > >> Perghaps, somebody tell us, what we doing wrong? > > > > Earlier I tested DNS update on samba package included in Debian Etch, > > Lenny and testing Debian branch. > > > > Now I download CentOS distribution and try to update DNS via "net ads dns > > register -P" command. I'm surprised when command reports "Successfully > > registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions. > > > > So, it isn't samba problem, but problem of specific distribution. > > > > And what's your distribution? > > I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in network > 192.168.1.0/24 dns updated successfully via "net ads dns register -P". So, > it's samba problem:)
Now I trying to update DNS from CentOS with two NICs: 192.168.33.131 and 10.0.3.15, and both addresses is being added to DNS sucsessfully. PS: "net ads dns register -P" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba